-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Nov 2023 08:25:34 +0100 Source: rabbitmq-server Architecture: source Version: 3.10.8-1.1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1056723 Changes: rabbitmq-server (3.10.8-1.1+deb12u1) bookworm-security; urgency=high . * CVE-2023-46118: Denial of Service by publishing large messages over the HTTP API. Applied upstream patches that introduce a limit of 10MB: - Reduce_default_HTTP_API_request_body_size_limit_to_10_MiB.patch - Introduce_HTTP_request_body_limit_for_definition_uploads.patch (Closes: #1056723). Checksums-Sha1: 928f60e760c56e43a260ba59183941d1a2196283 2735 rabbitmq-server_3.10.8-1.1+deb12u1.dsc 6c499dc16f1691500fe551323e506668450a0de8 3586524 rabbitmq-server_3.10.8.orig.tar.xz b043bc517c44bf60d48aed91b37d7097ec21cecd 26104 rabbitmq-server_3.10.8-1.1+deb12u1.debian.tar.xz e8c7f956764c005b3d0bfabb125110a1243f49e2 8577 rabbitmq-server_3.10.8-1.1+deb12u1_amd64.buildinfo Checksums-Sha256: 9970b73e2083332cc4dbb1ee50dbd2bb5c6a87540658794130311f8b5fb92c6c 2735 rabbitmq-server_3.10.8-1.1+deb12u1.dsc 903b761ee541c3cf3374506c0d71cd80254392f58c55e033ac8ce3ebcf8d3b29 3586524 rabbitmq-server_3.10.8.orig.tar.xz 2c40a7236185c86906293b412e66940bbd2f84971c80914560d4463ab8c47f33 26104 rabbitmq-server_3.10.8-1.1+deb12u1.debian.tar.xz ab17b52dbf6f5954510ed1c830c494653d4e454f57eae3ef10a5fced4dce974b 8577 rabbitmq-server_3.10.8-1.1+deb12u1_amd64.buildinfo Files: 39008cd549675e49dff21867ffcfb756 2735 net optional rabbitmq-server_3.10.8-1.1+deb12u1.dsc 0bcb3b160fb4f3b469655a7c4ce82743 3586524 net optional rabbitmq-server_3.10.8.orig.tar.xz 93778e239e8a122be053dae9393db777 26104 net optional rabbitmq-server_3.10.8-1.1+deb12u1.debian.tar.xz 57f7f2c67ed7923de2ca5871444d0914 8577 net optional rabbitmq-server_3.10.8-1.1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmVoOlAACgkQ1BatFaxr Q/41TQ/+PrXDHKSmmzuoDM7KPP8b9iPc8uH4ZZISAYIlpifZC61d9qxv+l3xqoad us9MpnRuFtrAozuZh6oEngz+sH1UBnUcfsQT5N0ba58/YsrLf++H66m0PapMJWky 0G6BHzROpZKsvAuYcO0171hzUT6EtwSh3I4FGTl7YS0Z1uEG7s2Y9si+dC9cv5cQ OkwAwBxLj4tN7THPZtH903cXBjI8mTWL/NpXmEbczR3wdrOoqm8fxGevmgmyD+aT Cy8dj4dY4Av4NVR/FzJerYiZvsRAlMkQyVB8JKoYlswusI+o4fBxktWBn+YIF0Ab JgPrdmP5IZuByEGSe0NPjBfol0Ma5+x4ohfugsr3+g9bcgwdaDlILSw6EPpSWutG ReJwk0nRpl1Zjvv11EKxC87FcDKB/nV5N6wCL6/8hhKUMy+10Wri3qNM19erOJKQ yvDF9sXZncwaTLUfy8Mtk9JcxDWpzXhY66fnA0tEfcRitkoIk4tlI7wT+P/9gBXy Iwf4Nf/0G8VFtiiBhJNuvEMb+IsOEPH/hdoSuW+w4gLD/aQqoYGLaDV8rn17lT3o wlHdzPYW3wJkjYKJm1SAbuJlVWmrgyxuICYLzx+Ibh7CfCqHUrlyfA3oYP7Fos57 UvZTSiI/mqPdJ6FCNaoU+/ouj4xJlwVUyyU+Rvm5EQxWnDeQekc= =vIeH -----END PGP SIGNATURE-----
